General Bytes, a manufacturer of bitcoin ATMs, has lost more than $1.5 million worth of bitcoin (BTC) following an exploit carried out on March 17 and 18.
Hacked General Bytes
In a March 18 security update, General Bytes said that a hacker, or a group of hackers, found an exploit in its master service interface and used it to redirect funds to the attacker's own hot wallets. Following the attack, General Bytes was forced to temporarily shut down its service while it assessed the damage.
General Bytes admits that the attacker was able to reach its database through the master service interface. From there, the attacker could download usernames and password hashes and, most importantly, disable two-factor authentication (2FA) for those users. The attacker could also read the API keys used to access operators' hot wallets and exchange accounts. With that level of access, the attacker could automatically send funds out of the hot wallets.
The attacker ultimately stole 56.28 BTC from approximately 15 to 20 ATM operators through this flaw. At the time of writing on March 19, the attacker's address still held the full 56.28 BTC; none of the funds had been moved.
Another of the attacker's addresses held more than 21 ETH.
The attacker also liquidated other coins and tokens, including Cardano (ADA), Dogecoin (DOGE), and Tether (USDT).
Migrating to self-hosted servers
Given the scope of the attack, General Bytes' servers reportedly have to be redesigned and rebuilt from scratch.
The ATM maker is also discontinuing its cloud service as a result of the exploit and is urging operators to run their own separate servers instead. It has said it will help operators migrate their data from the cloud to those servers.
“It is theoretically (and practically) impossible to secure a system that grants access to multiple operators at the same time where some of them are bad actors. You will need to install your own separate server. GB Support will help you migrate your data from GB Cloud to your own standalone server.”
General Bytes has had problems with its servers before. In August 2022, attackers exploited a zero-day vulnerability in its servers and stole funds. Through that exploit, the attackers made themselves default administrators and changed the settings of the compromised ATMs so that customer deposits were sent to addresses the attackers controlled.